Information Security Analyst (Open to remote work) at Ohio Farmers Insurance Company in Westfield Center, Ohio

Posted in Other 21 days ago.





Job Description:








Location: Open to remote work within Westfield's operating territory.

Salary range: Minimum Salary 70,830.00 Midpoint Salary 81,454.00 Maximum Salary 92,079.00

This position is also eligible for the Annual Incentive Program bonus, as well as 401K AND pension.

BUILD YOUR FUTURE, WHILE PROTECTING THEIRS.

You will be challenged. Rewarded. And valued for your unique experience, background and perspective.

Join a team where hard work pays off and original thinking is celebrated. As you build your future at Westfield, you will quickly learn that protecting our customer's future is at the heart of what we do. We deliver on our promise to help restore lives and rebuild businesses when the unexpected happens. Building relationships has been a part of our culture since 1848.

Be a part of a team that recognizes and appreciates those who take initiative, seek opportunity and strive for innovation in a changing world.



Information Security Analyst 1 Job Summary

Information Security Analyst, working under moderate supervision, will be responsible for the corporate-wide Information Security Governance, Risk, and Compliance (GRC) program. This person will work closely with Information Technology, Enterprise Risk Management (ERM), Legal, Human Resources and Procurement to ensure appropriate controls are in place to minimize risk and ensure compliance with Information Security Policy, Standards and Controls, NIST CSF, CIS, PCI-DSS, and data privacy regulations

The Information Security Analyst utilizes their knowledge and experience in assessing Information Technology and Cybersecurity risk, identifying emerging cybersecurity threats, and applying varying cyber security control frameworks and standards throughout the organization.

This person will also be responsible for the vendor risk management program, security exception/risk acceptance process, and liaise with internal/external auditors. The position will also manage, maintain, and administer the Information Security Education program.

Essential Functions (primary functions and/or reasons the job exists in order of importance)


  • Working under moderate supervision, is responsible for supporting, providing oversight, and/or managing the following:

    • Corporate-wide Information Security GRC program.

    • Assessing IT and Cybersecurity risks and identifying emerging cybersecurity threats.

    • Vendor risk management program.

    • Manage, maintain, and administer the Information Security Education program.



  • Maintains knowledge of best practice security frameworks, industry-recognized information technology control standards, and other industry resources and translates them into educational formats.

  • Performs security compliance assessments on new and existing systems, processes, and technology.

  • Collaborates to define IT security standards and develop supporting organizational policies.

  • Partners with various business units to ensure controls are adequate, appropriate, and effective.

  • Supports Vendor Risk Management and overall Third-Party Risk Management programs.

  • Assists in Data Classification and Rights Management roll out, adoption and support.

  • Actively participates and leads in security related planning meetings, project teams and workgroups.

  • Performs risk assessments and gap analysis, to assist with development of a Risk Register.

  • Develops, leads, coordinates, and presents security education training and awareness program materials.

  • Participates in internal and external security audit and compliance efforts.

  • Promotes a strong security culture throughout the organization.

  • Develops routine reports in accordance with GRC metrics.

  • Stays informed on developing regulatory and industry requirements and information security trends.

  • Travels occasionally to participate in special assignments, training, and/or travel between office locations.

Desired Qualifications/Experience/Certification/Education (in order of importance)


  • 3+ years of information security experience in one or more of the following areas:

    • GRC

    • Vendor Risk Assessments

    • IT auditing

    • Vulnerability Management

    • Enterprise Risk



  • Excellent written and oral communication skills including the following:

    • Delivers messages in a clear, compelling, and concise manner.

    • Articulates messages in a way that is broadly understandable.

    • Adjusts communication content and style to meet need of diverse audience.

    • Actively listens and checks for understanding.



  • Strong critical thinking and creative problem-solving and solutioning skills.

  • Familiarity with HIPAA, PCI-DSS, NIST CSF, FFIEC, CIS, FDIC, ISO 27001, and privacy regulations.

  • Proven ability to work closely with the business community as well as technical resources in a tactful manner.

  • Attentive to detail, as demonstrated by regularly verifying all work thoroughly to ensure accuracy.

  • Experience with GRC platforms.

  • Bachelor's degree in computer science, information technology, security or a related field, or equivalent work experience.

  • Must hold or working toward one or more of the following: CISSP, CRISC, CISA, CCSK, or similar industry-recognized certifications.

  • Valid driver's license and a driving record that conforms to company standards.

Physical Requirements (specific to the role)

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.


  • Ability to work effectively in an office environment for 40+ hours per week (including sitting, standing, and working on a computer for extended periods of time).

  • Ability to communicate effectively in a collaborative work environment utilizing various technologies such as: telephone, computer, web, voice, teleconferencing, e-mail, etc.

  • Ability to travel as required.

This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.

Westfield offers a Total Rewards program that focuses on compensation, benefits and wellness, and includes perks like 401(k), pension plan, annual incentive, education reimbursement, flex-time, onsite fitness center and casual dress. Work-life balance, recognition, and learning and career development are all part of a rewarding career with Westfield.

To learn more about Westfield and the opportunities available, please visit us at westfieldinsurance.com.

#LI-PB1 #LI-Remote

We are an equal opportunity employer/minority/female/disability/protected veteran.